How can I authenticate App instances with AWS services using Cognito?

I have an app that needs to use the Firehose Kinesis Video stream service on AWS. According to documentation the client needs to be authenticated with a AWSCredentialsProvider. Now I don't really need authentication for this but the client must have credentials to perform requests. Also, it would be preferred if the app would have some secret token so that people that don't have the app can't make requests. Mind you that this app will have many users but I want them to share the same key/credentials for authenticating with kinesis. To do this, I created a User pool and added a App Client like these docs describe. Once that was done I tried the following code to authenticate with the App Client credentials and creating a Kinesis client

        final String clientId = "xxxxxxxxxx3";
        final String clientSecret = "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz";
        final Regions region = Regions.EU_WEST_1;
        final AWSCredentials basicAWSCredentials = new BasicAWSCredentials(clientId, clientSecret);
        AWSCredentialsProvider basicCredProvider = new AWSCredentialsProvider() {
            @Override
            public AWSCredentials getCredentials() {
                return basicAWSCredentials;
            }
            @Override
            public void refresh() {
            }
        };
        //Create kinesis client
        KinesisVideoClient mKinesisVideoClient;
        try {
            mKinesisVideoClient = KinesisVideoAndroidClientFactory.createKinesisVideoClient(
                    getApplicationContext(),
                    region,
                    basicCredProvider);
            AndroidCameraMediaSource mCameraMediaSource = (AndroidCameraMediaSource) mKinesisVideoClient
                    .createMediaSource("TEST", getCurrentConfiguration());
            mCameraMediaSource.start();
        } catch (KinesisVideoException e) {
            Log.e("KINESIS", "Failed to create Kinesis Video client", e);
        }

(My credentials are obfuscated here of course) But I get a response sating my token is invalid:

2019-11-18 16:10:04.679 20458-20458/com.example.testauth W/IInputConnectionWrapper: getExtractedText on inactive InputConnection
2019-11-18 16:10:04.680 20458-20458/com.example.testauth W/IInputConnectionWrapper: getTextBeforeCursor on inactive InputConnection
2019-11-18 16:10:09.268 20458-20458/com.example.testauth W/KinesisVideoAndroidClient: Unsatisfied link error. Directly loading native library .so.
2019-11-18 16:10:09.269 20458-20458/com.example.testauth W/KinesisVideoAndroidClient: Unsatisfied link error. Directly loading native library .dylib.
2019-11-18 16:10:09.269 20458-20458/com.example.testauth W/KinesisVideoAndroidClient: Unsatisfied link error. Directly loading native library .dll.
2019-11-18 16:10:09.270 20458-20458/com.example.testauth W/KinesisVideoAndroidClient: Unsatisfied link error. Directly loading native library libKinesisVideoProducerJNI.so.
2019-11-18 16:10:09.270 20458-20458/com.example.testauth W/KinesisVideoAndroidClient: Unsatisfied link error. Directly loading native library libKinesisVideoProducerJNI.dylib.
2019-11-18 16:10:09.271 20458-20458/com.example.testauth W/KinesisVideoAndroidClient: Unsatisfied link error. Directly loading native library libKinesisVideoProducerJNI.dll.
2019-11-18 16:10:09.276 20458-20458/com.example.testauth V/KinesisVideoAndroidClient: Success! Indirectly loaded native library KinesisVideoProducerJNI.
2019-11-18 16:10:09.276 20458-20458/com.example.testauth V/KinesisVideoAndroidClient: KinesisVideoProducerJNI library: version 1.8, compile time Oct 30 2018 15:31:01
2019-11-18 16:10:09.277 20458-20458/com.example.testauth D/platform-utils: Java_com_amazonaws_kinesisvideo_internal_producer_jni_NativeKinesisVideoProducerJni_createKinesisVideoClient(): Creating Kinesis Video client.
2019-11-18 16:10:09.278 20458-20458/com.example.testauth D/platform-utils: createKinesisVideoClient(): Creating Kinesis Video Client
2019-11-18 16:10:09.278 20458-20458/com.example.testauth D/platform-utils: heapInitialize(): Initializing native heap with limit size 402653184, spill ratio 90% and flags 0x00000001
2019-11-18 16:10:09.278 20458-20458/com.example.testauth D/platform-utils: heapInitialize(): Creating AIV heap.
2019-11-18 16:10:09.278 20458-20458/com.example.testauth D/platform-utils: heapInitialize(): Heap is initialized OK
2019-11-18 16:10:09.283 20458-20524/com.example.testauth D/KinesisVideoAndroidClient: Refreshing credentials
2019-11-18 16:10:09.316 20458-20524/com.example.testauth D/KinesisVideoAndroidClient: Returning credentials with expiration Sun Aug 17 08:12:55 GMT+01:00 292278994
2019-11-18 16:10:09.388 20458-20524/com.example.testauth D/platform-utils: Java_com_amazonaws_kinesisvideo_internal_producer_jni_NativeKinesisVideoProducerJni_createDeviceResultEvent(): create device event for handle 0x0000007cee505140.
2019-11-18 16:10:09.388 20458-20524/com.example.testauth D/platform-utils: createDeviceResultEvent(): Create device result event.
2019-11-18 16:10:09.389 20458-20458/com.example.testauth I/KinesisVideoAndroidClient: Initializing Kinesis Video client
2019-11-18 16:10:09.432 20458-20458/com.example.testauth D/platform-utils: Java_com_amazonaws_kinesisvideo_internal_producer_jni_NativeKinesisVideoProducerJni_createKinesisVideoStream(): Creating Kinesis Video stream.
2019-11-18 16:10:09.433 20458-20458/com.example.testauth D/platform-utils: createKinesisVideoStream(): Creating Kinesis Video Stream.
2019-11-18 16:10:09.603 20458-20525/com.example.testauth D/KinesisVideoAndroidClient: calling describe stream: {StreamName: TEST,}
2019-11-18 16:10:09.663 20458-20525/com.example.testauth D/NetworkSecurityConfig: No Network Security Config specified, using platform default
2019-11-18 16:10:09.666 20458-20525/com.example.testauth W/System: Ignoring header x-amz-security-token because its value was null.
2019-11-18 16:10:10.690 20458-20525/com.example.testauth E/KinesisVideoAndroidClient: 2019-11-18T16:10Z T2960: EXCEPTION: AmazonServiceException: Service call failed.: The security token included in the request is invalid. (Service: AWSKinesisVideo; Status Code: 403; Error Code: UnrecognizedClientException; Request ID: 03729e92-fb1a-4e2a-9f34-03f6fac18f8b)
2019-11-18 16:10:10.690 20458-20525/com.example.testauth E/KinesisVideoAndroidClient: Kinesis Video service client returned an error com.amazonaws.AmazonServiceException: The security token included in the request is invalid. (Service: AWSKinesisVideo; Status Code: 403; Error Code: UnrecognizedClientException; Request ID: 03729e92-fb1a-4e2a-9f34-03f6fac18f8b). Reporting to Kinesis Video PIC.
2019-11-18 16:10:10.690 20458-20525/com.example.testauth D/platform-utils: Java_com_amazonaws_kinesisvideo_internal_producer_jni_NativeKinesisVideoProducerJni_describeStreamResultEvent(): Describe stream event for handle 0x0000007cee505140.
2019-11-18 16:10:10.691 20458-20525/com.example.testauth D/platform-utils: describeStreamResultEvent(): Describe stream result event.
2019-11-18 16:10:10.736 20458-20525/com.example.testauth D/KinesisVideoAndroidClient: calling describe stream: {StreamName: TEST,}
2019-11-18 16:10:10.752 20458-20525/com.example.testauth W/System: Ignoring header x-amz-security-token because its value was null.
2019-11-18 16:10:10.836 20458-20525/com.example.testauth E/KinesisVideoAndroidClient: 2019-11-18T16:10Z T2960: EXCEPTION: AmazonServiceException: Service call failed.: The security token included in the request is invalid. (Service: AWSKinesisVideo; Status Code: 403; Error Code: UnrecognizedClientException; Request ID: 5e342080-cd44-40b0-a151-1aa56758f076)
2019-11-18 16:10:10.837 20458-20525/com.example.testauth E/KinesisVideoAndroidClient: Kinesis Video service client returned an error com.amazonaws.AmazonServiceException: The security token included in the request is invalid. (Service: AWSKinesisVideo; Status Code: 403; Error Code: UnrecognizedClientException; Request ID: 5e342080-cd44-40b0-a151-1aa56758f076). Reporting to Kinesis Video PIC.
2019-11-18 16:10:10.837 20458-20525/com.example.testauth D/platform-utils: Java_com_amazonaws_kinesisvideo_internal_producer_jni_NativeKinesisVideoProducerJni_describeStreamResultEvent(): Describe stream event for handle 0x0000007cee505140.
2019-11-18 16:10:10.837 20458-20525/com.example.testauth D/platform-utils: describeStreamResultEvent(): Describe stream result event.
2019-11-18 16:10:10.887 20458-20524/com.example.testauth D/KinesisVideoAndroidClient: calling describe stream: {StreamName: TEST,}
2019-11-18 16:10:10.912 20458-20524/com.example.testauth W/System: Ignoring header x-amz-security-token because its value was null.
2019-11-18 16:10:11.028 20458-20524/com.example.testauth E/KinesisVideoAndroidClient: 2019-11-18T16:10Z T2959: EXCEPTION: AmazonServiceException: Service call failed.: The security token included in the request is invalid. (Service: AWSKinesisVideo; Status Code: 403; Error Code: UnrecognizedClientException; Request ID: 673ec4b4-70c8-425e-b7d9-b0a364618085)
2019-11-18 16:10:11.028 20458-20524/com.example.testauth E/KinesisVideoAndroidClient: Kinesis Video service client returned an error com.amazonaws.AmazonServiceException: The security token included in the request is invalid. (Service: AWSKinesisVideo; Status Code: 403; Error Code: UnrecognizedClientException; Request ID: 673ec4b4-70c8-425e-b7d9-b0a364618085). Reporting to Kinesis Video PIC.

Upon googling this error, it is most likely that my Credentials are wrong. What have I here? Shouldn't I be able to treat the App Client credentials as the AWS access keys? Or have I gotten everything wrong? Again, I don't want to create "users" or anything but I want only the app to be able to use my AWS accounts services. At first I thought I only needed identity pools but then I realized I also need user pools in order to authenticate.